
Redirect-Uri is HTTP and not HTTPS behind Reverse Proxy

Jan 12, 2015 at 7:19 AM
Edited Jan 12, 2015 at 1:01 PM
The website is set up as HTTP on server... it is located behind a RP. In Google developer console we have set up to only allow HTTPS redirect-uris.

Since the site is not set up as HTTPS... it seems OWIN uses HTTP. Tried to override this value in 'OnApplyRedirect' event... but this does not work. Authentication fails every time... not sure why... but assuming that overwriting HTTP with HTTPS on OwinContext.RedirectUri is not enough...
OnApplyRedirect = context =>
{
    context.Response.Redirect(__We use context.RedirectUri but Replaced HTTP With HTTPS__);
}
Any tips on how to make this work without having to set up the site as HTTPS?

Have set up OWIN logging and this is what we get:
Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationMiddleware Error: 0 : Authentication failed
System.Net.Http.HttpRequestException: Response status code does not indicate success: 400 (Bad Request).
at System.Net.Http.HttpResponseMessage.EnsureSuccessStatusCode()
at Microsoft.Owin.Security.Google.GoogleOAuth2AuthenticationHandler.<AuthenticateCoreAsync>d__0.MoveNext()

Same happens in Facebook and Microsoft middleware as well.

Did test HTTP and that works like a charm... but we want HTTPS.
Coordinator
Jan 12, 2015 at 4:38 PM
There are a few places redirects are generated. A simpler solution would be to make your server just think it's running on HTTPS by doing the following at the start of your pipeline:
app.Use((context, next) =>
{
    context.Request.Scheme = "https";
    return next();
});
Marked as answer by lm2y on 1/13/2015 at 2:08 AM
Jan 13, 2015 at 7:56 AM
Edited Jan 13, 2015 at 7:58 AM
Thanks Tratcher, saved the day.
        private void ConfigureAuth(IAppBuilder app)
        {
            app.Use((context, next) =>
            {
                context.Request.Scheme = GetForwardedScheme(context.Request);
                return next();
            });
            app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);
            ConfigureFacebookAuth(app);
            ConfigureGoogleAuth(app);
            ConfigureMicrosoftAuth(app);
        }

        private static string GetForwardedScheme(IOwinRequest owinRequest)
        {
            return owinRequest.Headers["X-Forwarded-Proto"] ?? (owinRequest.Headers["X-Forwarded-HTTPS"] == "on" ? Uri.UriSchemeHttps : owinRequest.Scheme);
        }
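A variant of the forwarded-scheme middleware above that honors X-Forwarded-Proto only when the direct peer is a known reverse proxy and only for the values http or https, since any client that can reach the server directly can send that header itself. This is an added example, not code from the thread or from Katana; `UseForwardedScheme`, `ResolveScheme`, `TrustedProxies` and the 10.0.0.5 address are hypothetical names and values.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.Owin;
using Owin;

public static class ForwardedSchemeExtensions
{
    // Assumption: addresses of the reverse proxies allowed to set X-Forwarded-Proto.
    // 10.0.0.5 is a constructed placeholder; replace it with your proxy's address.
    private static readonly HashSet<string> TrustedProxies =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "127.0.0.1", "::1", "10.0.0.5" };

    // Register before the authentication middleware so redirect URIs pick up the scheme.
    public static IAppBuilder UseForwardedScheme(this IAppBuilder app)
    {
        return app.Use((context, next) =>
        {
            context.Request.Scheme = ResolveScheme(
                context.Request.RemoteIpAddress,
                context.Request.Headers.Get("X-Forwarded-Proto"),
                context.Request.Scheme);
            return next();
        });
    }

    // Kept free of OWIN types so the decision can be unit tested without a host.
    public static string ResolveScheme(string remoteIp, string forwardedProto, string currentScheme)
    {
        // Ignore the header unless the connection comes from a trusted proxy.
        if (remoteIp == null || !TrustedProxies.Contains(remoteIp)
            || string.IsNullOrWhiteSpace(forwardedProto))
            return currentScheme;

        // Chained proxies may produce a comma-separated list. Assumption: each proxy
        // appends, so the last entry is the one written by the proxy nearest to us.
        string candidate = forwardedProto.Split(',').Last().Trim();

        // Accept only the two expected schemes; anything else leaves the request unchanged.
        if (candidate.Equals(Uri.UriSchemeHttps, StringComparison.OrdinalIgnoreCase))
            return Uri.UriSchemeHttps;
        if (candidate.Equals(Uri.UriSchemeHttp, StringComparison.OrdinalIgnoreCase))
            return Uri.UriSchemeHttp;
        return currentScheme;
    }
}
```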
Jan 13, 2015 at 9:09 AM
AAAH!!! Thank you. Was looking for a way to do exactly this but was hard to find. Thank you so much. This solved everything. Have spent a lot of hours on this now.... so glad to have it working.